What to Do if Your Email Account Has Been Hacked

According to the Radicati 2015 Email Statistics Report, the number of worldwide email users is set to reach almost 3 billion by 2019. What's more, the report predicts that users will receive 96 messages a day, up from an average of 88 in 2014. The ubiquitous nature of email combined with its continued growth makes your accounts a tempting target for hackers. If you become the victim of a hacked email account, here's what you need to do to remedy the situation.

1. Run Your Antivirus Program

As noted by the FTC's guide on hacked email, the first thing you should do if your account gets hacked is to run an end-to-end antivirus scan. This means skipping the "quick scan" setting in favor of a deep scan to identify and eliminate not only all forms of malware (including Trojans and spyware to keyloggers that could be tracking your keystrokes even after the hack has been identified) and potentially unwanted applications. Hackers don't just want access to your account so they can send your friends embarrassing messages—they're looking for ways to scam you out of money or commit credit card fraud. For example, hackers target businesses that regularly send funds via wire transfer. Once an email account is compromised, they are able to send their own unauthorized transfers. According to the FBI's Internet Crime Complaint Center, businesses saw an exposed loss of more than $747 million over the last two years, despite having network protection in place and IT staff on board. When it comes to your email accounts, the sooner you run an antivirus scan, the better. It's important to make sure you're clean before you change any of your other sensitive information to avoid restarting the cycle.

2. Change Your Passwords

Once your computer is free of malware, it's time to change your password. If you've lost access to your account, you may need to contact the email provider directly, prove who you are and ask for a password reset. Choose a new password that is markedly different from your old one and make sure it doesn't contain strings of repeated characters or numbers. Stay away from passwords that are obviously tied to your name, birthday or similar personal stats since hackers can easily find this information, and often use it in their first attempts to access your account. Your password should be unique for each account, complex (i.e., a mix of letters, numbers and special characters) and at least 15 characters long.

3. Contact Other Online Services

It's also critical to change your passwords with other payment-based accounts such as Amazon, Netflix, credit card companies and even the local library to prevent hackers from compromising these accounts as well. In some cases, the problem is using the same password again and again for multiple sites, but even varied passwords may not be enough if you have emails in your account that lead directly to linked online vendors.

4. Notify People You Know

Credit.com
notes that it's also a good idea to tell your friends, family and anyone else on your email contact list that you've been hacked. During the period when attackers had control of your account, they could have sent dozens or even hundreds of malware-laden emails to everyone you know, in turn giving them access to a new set of victims. Warning your contacts lets them take steps to ensure their own devices are clean and unaffected.

5. Change Your Security Questions

While your password was the most likely attack route, it's also possible that hackers broke into your account after answering your security questions. According to recent Google research, many users choose the same answer to common security questions. For example, nearly 20% of American users answered "pizza" to the question "What is your favorite food?" In order to further protect your email, be sure to employ the multi-factor authentication that many providers allow to gain access to your password, including using secondary email addresses or text messages, since security questions alone are not enough.

6. Report the Hack

If you haven't already, contact your email provider and report the hack. This is important even if your hacked email didn't cause you to lose access since it helps providers track scam-based behavior. In addition, your email provider may be able to offer details about the origin or nature of the attack.

7. Create a New Email Account

Sometimes it's not worth picking up where you left off. If this isn't the first time hacked email has been a problem, or if your provider doesn't seem to be taking steps to mitigate the amount of spam you receive, it may be time for a switch. Look for a service that offers default encryption of your emails and solid customer service in the event of an issue.

8. Contact Credit Agencies

Scammers know that a personal touch often gets them through the first line of spam defense, and according to Hubspot, emails sent from named accounts have a far higher click-through rate. Fraudsters are much more likely to attempt to make personal contact and convince you to share personal details before they start defrauding your accounts and making purchases on your credit card. Hackers' reach is often much greater than a simple email hack indicates, so it's a good idea to reach out and ask credit reporting agencies like TransUnion or Equifax to monitor your accounts in the months after you've been hacked.

9. Consider Your ID Protection Options

If you've been hacked, another idea worth considering is an ID protection service. These services typically offer real-time email and online retail account monitoring, in addition to credit score reporting, and personal assistance in the event of an identity theft. There's often a significant cost associated with this kind of protection, so be sure to look for companies with solid track record; and make sure you use a legitimate services—not a hacker scam in disguise looking for your personal data.

10. Get Totally Secure

Run an antivirus scan on all connected devices, including your laptop, tablet and smartphone, to make sure attackers aren't jumping the gap between platforms to infect your devices. Take steps to secure the cloud as well, since it may also contain your personal data. It's essential to upgrade basic antivirus protection to full-time Internet security protection that proactively blocks new, unknown threats and actively safeguards your actions online rather than trying to scrub your computer clean after the fact.

If you ever discover that your email has been hacked, follow these 10 steps to take back control and prevent future problems.